Sifchain - HackerOne Reports
Total Reports: 71
Critical: 0
High: 3
Medium: 4
Low: 15
Wrong Url in Main page of sifchain.finance
Reported by: beebeek
Disclosed:
Low
Weakness: Misconfiguration
No Rate Limit protection in user subscription form
Reported by: aliyugombe
Disclosed:
Low
Found a URL in source code which was disclosing different juicy information like IP addresses and available endpoints
Reported by: paranoid07
Disclosed:
Weakness: Information Exposure Through Directory Listing
CORS (Cross-Origin Resource Sharing) origin validation failure
Reported by: kapil18
Disclosed:
4 xss vulnerability dom based cwe 79 ; wordpress bootstrap.min.js is vulnerable
Reported by: rao_ji1hackerone
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - DOM
Clickjacking
Reported by: whiteraven0101
Disclosed:
Low
Weakness: UI Redressing (Clickjacking)
Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation
Reported by: spyata
Disclosed:
CVEs: CVE-2018-6389
Open S3 Bucket | information leakage
Reported by: b29z
Disclosed:
Misconfiguration Certificate Authority Authorization Rule
Reported by: d4rk_r0s3
Disclosed:
Weakness: Misconfiguration
Flaws In Social media Icon on error page which can lead to financial loss to a company.
Reported by: beebeek
Disclosed:
Weakness: Business Logic Errors
Possible Database Details stored in values.yaml
Reported by: sparta5537
Disclosed:
Medium
Weakness: Cleartext Storage of Sensitive Information
clickjacking vulnerability
Reported by: sravani_1234
Disclosed:
Weakness: UI Redressing (Clickjacking)
ETHEREUM_PRIVATE_KEY leaked via github
Reported by: bugkillerak
Disclosed:
Exposed Openapi Token
Reported by: johnjhacking
Disclosed:
Weakness: Cleartext Storage of Sensitive Information
CSRF in newsletter form
Reported by: ph0b0s
Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
Session Token in URL
Reported by: little_one
Disclosed:
Weakness: Improper Authentication - Generic
Information Disclosure on https://rpc.sifchain.finance/
Reported by: bringing2021
Disclosed:
Weakness: Information Disclosure
Error Page Content Spoofing or Text Injection
Reported by: g4urav_19
Disclosed:
Low
Path Traversal inside saveContracts.js
Reported by: caon
Disclosed:
Weakness: Relative Path Traversal
Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy.
Reported by: masq31
Disclosed:
Weakness: Information Disclosure